如何强制用户使用带有少密码电话登录功能的MS Authenticator? [英] How to enforce users to use MS Authenticator with Password less phone sign-in?
问题描述
你好
我们计划在云中用Azure MFA替换Azure MFA Server,现在我们正在寻找一种可以代替管理员使用的PIN码(电话+ PIN)的解决方案. MS Authenticator看起来很有前途,但这是我们无法回答的两个问题,因此我们 需要一些帮助.
We plan to replace Azure MFA Server with Azure MFA in the Cloud and now we are looking for a solution that can be used instead of PIN code (Phone call + PIN) for Admins. MS Authenticator looks promising but here are 2 questions we can't answer, so we would need some help, please.
如果启用了身份验证器验证方法,我们如何确保管理员将使用MS Authenticator应用而不是另一个Authenticator应用进行登录?如果使用MS Authenticator,可以使用带有设备注册功能的电话接听,但是 如何强制管理员在未注册的设备上使用电话接收,而不是其他Authenticator应用.综上所述:我们想实现管理员将使用电话信号输入"功能.在已注册的/Intune托管设备上使用MS Authenticator应用程序.
How can we make sure Admins will use MS Authenticator app and not another Authenticator app to login if the Authenticator verification method is enabled? Phone sing-in with device registration is nice to have in case of MS Authenticator but how to enforce Admins to use phone sing-in and not another Authenticator app on a nonregistered device. To sum it up: we want to achieve that Admins will use "phone sig-in" with MS Authenticator app on a registered / Intune managed device.
谢谢获得支持.
推荐答案
Gabor Nyers,
Hi Gabor Nyers,
您可以使用条件访问"来创建既需要多因素身份验证又要符合设备要求的策略.如果要对内部应用程序使用条件访问,建议您看一下Azure AD应用程序 代理.
You could use Conditonal Access to create a policy that requires both multifactor authentiaction and that the device is compliant. If you want to use Conditional Access to internal applications you would recommend you to take a look at Azure AD Application Proxy.
https://docs.microsoft.com/en-us/azure /active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/intune/device -compliance-get-started
https://docs.microsoft .com/en-us/azure/active-directory/manage-apps/application-proxy-publish-azure-portal
这篇关于如何强制用户使用带有少密码电话登录功能的MS Authenticator?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!